CVE-2023-2804

Name
CVE-2023-2804
Description
A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/libjpeg-turbo/libjpeg-turbo/issues/675
MISC https://bugzilla.redhat.com/show_bug.cgi?id=2208447
MISC https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118
MISC https://access.redhat.com/security/cve/CVE-2023-2804
MISC https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9f756bc67a84d4566bf74a0c2432aa55da404021
secalert@redhat.com https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:* libjpeg-turbo >= None < 2.1.91
cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:* libjpeg-turbo >= None < 2.1.90

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libjpeg-turbo 3.17-main 2.1.4-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libjpeg-turbo 3.16-main 2.1.3-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libjpeg-turbo 3.15-main 2.1.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libjpeg-turbo 3.18-main 2.1.5.1-r3 Natanael Copa <ncopa@alpinelinux.org> fixed